CVE-2007-5189

Name of the Vulnerable Software and Affected Versions x-script GuestBook version 1.3a

Description The issue concerns SQL injection vulnerabilities in the mes add.php file of x-script GuestBook. When magic quotes gpc is disabled, remote attackers can execute arbitrary SQL commands by manipulating the name, email, icq, and website parameters.

Recommendations For x-script GuestBook version 1.3a, consider disabling the mes add.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent SQL injection attacks. Avoid using the name, email, icq, and website parameters in the affected file until the issue is resolved.